summaryrefslogtreecommitdiff
path: root/docs/podman-run.1.md
diff options
context:
space:
mode:
authorDaniel J Walsh <dwalsh@redhat.com>2019-08-09 16:29:43 -0400
committerDaniel J Walsh <dwalsh@redhat.com>2019-08-13 10:16:01 -0400
commit316e51f0a91d24f75a9191e2226928bc0c1c5b91 (patch)
tree7ab971c3fe4a1eedb291f89e9777dfb77ca90afe /docs/podman-run.1.md
parentc48243ee1eb3fe36b54057994d5e908d8a3d7f16 (diff)
downloadpodman-316e51f0a91d24f75a9191e2226928bc0c1c5b91.tar.gz
podman-316e51f0a91d24f75a9191e2226928bc0c1c5b91.tar.bz2
podman-316e51f0a91d24f75a9191e2226928bc0c1c5b91.zip
Add support & documentation to run containers with different file types
Udica is adding new features to allow users to define container process and file types. This would allow us to setup trusted communications channels between multiple security domains. ContainerA -> ContainerB -> ContainerC Add tests to make sure users can change file types Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'docs/podman-run.1.md')
-rw-r--r--docs/podman-run.1.md11
1 files changed, 6 insertions, 5 deletions
diff --git a/docs/podman-run.1.md b/docs/podman-run.1.md
index e7c898b25..8a211e284 100644
--- a/docs/podman-run.1.md
+++ b/docs/podman-run.1.md
@@ -656,11 +656,12 @@ Security Options
- `apparmor=unconfined` : Turn off apparmor confinement for the container
- `apparmor=your-profile` : Set the apparmor confinement profile for the container
-- `label=user:USER` : Set the label user for the container
-- `label=role:ROLE` : Set the label role for the container
-- `label=type:TYPE` : Set the label type for the container
-- `label=level:LEVEL` : Set the label level for the container
-- `label=disable` : Turn off label confinement for the container
+- `label=user:USER` : Set the label user for the container processes
+- `label=role:ROLE` : Set the label role for the container processes
+- `label=type:TYPE` : Set the label process type for the container processes
+- `label=level:LEVEL` : Set the label level for the container processes
+- `label=filetype:TYPE` : Set the label file type for the container files
+- `label=disable` : Turn off label separation for the container
- `no-new-privileges` : Disable container processes from gaining additional privileges